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13 1. Document ID: US 6859533 Bl 

L6: Entry 1 of 13 



File: USPT 



Feb 22, 2005 



US-PAT-NO: 6859533 

DOCUMENT- IDENTIFIER: US 6859533 Bl 

TITLE: System and method for transferring the right to decode messages in a 
symmetric encoding scheme 

DATE -ISSUED : February 22, 2005 

INVENTOR- INFORMATION : 

NAME CITY STATE ZIP CODE COUNTRY 

Wang; Xin Los Angeles CA 

Ta; Thanh T. Huntington Beach CA 

US -CL- CURRENT: 380 /28; 380 / 259 



Methods for transferring among key holders in encoding and cryptographic systems 
the right to decode and decrypt messages in a way that does not explicitly reveal 
decoding and decrypting keys used and the original messages. Such methods are more 
secure and more efficient than typical re-encoding and re-encryption schemes, and 
are useful in developing such applications as document distribution and long-term 
file protection. 

11 Claims, 14 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets : 14 



US-PAT-NO: 6850909 

DOCUMENT- IDENTIFIER: US 6850909 Bl 

TITLE: Using smartcards to enable probabilistic transactions on an untrusted device 



ABSTRACT : 




□ 2. Document ID: US 6850909 Bl 

L6: Entry 2 of 13 



File: USPT 



Feb 1, 2005 
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DATE- ISSUED : February 1, 2005 
INVENTOR- INFORMATION : 

NAME CITY STATE ZIP CODE COUNTRY 

Aiello; William A. Madison NJ 

Rubin; Aviel D. West Caldwell NJ 

Strauss; Martin J. Summit NJ 

US - CL - CURRENT : 705 /50; 380 / 228 , 380 / 239 , 380 / 272 , 713 / 162 , 713 / 171 , 713 / 200 
ABSTRACT: 

The present invention permits a user to conduct remote transactions without a 
network while using an untrusted computing device, such as a hand-held personal 
digital assistant or a laptop computer. The computing device is augmented with a 
smartcard reader, and the user obtains a smartcard and connects it to the device. 
This design can be used by an untrusted user to perform financial transactions, 
such as placing bets on the outcome of a probabilistic computation. Protocols are 
presented for adding (purchasing) or removing (selling) value on the smartcard, 
again without requiring a network connection. Using the instant protocols, neither 
the user nor the entity issuing the smartcards can benefit from cheating. 

8 Claims, 6 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets : 5 
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□ 3. Document ID: US 6850252 Bl 

L6: Entry 3 of 13 



File: USPT 



Feb 1, 2005 



US-PAT-NO: 6850252 
DOCUMENT- IDENTIFIER : 



US 6850252 Bl 



TITLE: Intelligent electronic appliance system and method 
DATE-ISSUED: February 1, 2005 



INVENTOR- INFORMATION : 
NAME 

Hoffberg; Steven M. 



CITY 

West Harrison 



STATE ZIP CODE 
NY 10994 



COUNTRY 



US -CL- CURRENT: 715 / 716 ; 380 / 252 , 715 / 719 , 715 / 727 
ABSTRACT: 

An intelligent electronic appliance preferably includes a user interface, data 
input and/or output port, and an intelligent processor. A preferred embodiment 
comprises a set top box for interacting with broadband media streams, with an 
adaptive user interface, content-based media processing and/or media metadata 
processing, and telecommunications integration. An adaptive user interface models 
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the user, by observation, feedback, and/or explicit input, and presents a user 
interface and/or executes functions based on the user model. A content-based media 
processing system analyzes media content, for example audio and video, to 
understand the content, for example to generate content-descriptive metadata. A 
media metadata processing system operates on locally or remotely generated metadata 
to process the media in accordance with the metadata, which may be, for example, an 
electronic program guide, MPEG 7 data, and/or automatically generated format. A set 
top box preferably includes digital trick play effects, and incorporated digital 
rights management features. 

22 Claims, 32 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 2 8 



US-PAT-NO: 6786420 

DOCUMENT- IDENTIFIER: US 6786420 Bl 

TITLE: Data distribution mechanism in the form of ink dots on cards 
DATE-ISSUED: September 7, 2004 
INVENTOR- INFORMATION : 

NAME CITY STATE ZIP CODE COUNTRY 

S i 1 ve rb rook ; Ki a Sydney AU 

US -CL- CURRENT: 235 / 494 



An improved form of information distribution information distribution medium is 
disclosed comprising a card on which at least one surface thereof contains 
distributed information encoded as an array of dots printed on the surface in a 
fault tolerant manner. Preferably, the array of dots is grouped into a plurality of 
data segment blocks with each data segment block having a delineated border region 
for accurately spatially locating the dots. The delineated border region can 
include a series of periodically spaced markers, the periodicity being 
substantially twice the pitch of the array of dots. The delineated border region 
can further include at least one line of dots spaced adjacent to the periodically 
spaced markers. The periodically spaced markers can comprise substantially 2 or 3 
adjacent printed dots. Applications and uses of such-a system are also disclosed. 

8 Claims, 2 32 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 140 





□ 4. Document ID: US 6786420 Bl 

L6: Entry 4 of 13 



File: USPT 



Sep 7, 2004 



ABSTRACT : 
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□ 5. Document ID: US 6772331 Bl 

L6: Entry 5 of 13 



File: USPT 



Aug 3, 2004 



US-PAT-NO: 6772331 

DOCUMENT- IDENTIFIER: US 6772331 Bl 

TITLE: Method and apparatus for exclusively pairing wireless devices 
DATE -ISSUED: August 3, 2004 
INVENTOR- INFORMATION : 

NAME CITY STATE ZIP CODE COUNTRY 

Hind; John Raithel Raleigh NC 

Peters; Marcia Lambert Raleigh NC 

US -CL- CURRENT: 713/151; 370/313, 707/10, 707/9, 713/178, 713/182, 713/200 



A method and system for enabling wireless devices to be paired or permanently 
associated by a user or a network administrator. The method and system utilize well 
known public key cryptography and machine unique identifiers to establish a secure 
channel and associate the devices with eachother. This is extremely useful for 
associating a wireless headset with a telephone or associating a wireless mouse 
with a computer. 

45 Claims, 9 Drawing figures 
Exemplary Claim Number : 1 
Number of Drawing Sheets : 9 



US-PAT-NO: 6609199 

DOCUMENT- IDENTIFIER: US 6609199 Bl 

TITLE: Method and apparatus for authenticating an open system application to a 
portable IC device 

DATE- ISSUED: August 19, 2 003 

INVENTOR- INFORMATION : 

NAME CITY STATE ZIP CODE COUNTRY 

DeTreville; John Seattle WA 

US -CL- CURRENT: 713/172; 713/156, 713/157, 713/168, 713/169, 713/175 



ABSTRACT : 




□ 6. Document ID: US 6609199 Bl 

L6: Entry 6 of 13 



File: USPT 



Aug 19, 2003 
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ABSTRACT : 

A secure communication channel between an open system and a portable IC device is 
established. An application running on the open system desiring access to the 
information on the portable IC device authenticates itself to the portable IC 
device, proving that it is trustworthy. Once such trustworthiness is proven, the 
portable IC device authenticates itself to the application. Once such two-way 
authentication has been completed, trusted communication between the open system 
and the portable IC device can proceed, and private information that is maintained 
on the portable IC device can be unlocked and made available to the application. 

3 0 Claims, 15 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets : 13 



Classification 



□ 7. Document ID: US 6496808 Bl 

L6: Entry 7 of 13 



File: USPT 



Dec 17, 2002 



US-PAT-NO: 6496808 

DOCUMENT- IDENTIFIER: US 6496808 Bl 

** See image for Certificate of Correction ** 

TITLE: Using smartcards to enable probabilistic transaction on an untrusted device 
DATE-ISSUED: December 17, 2002 



INVENTOR- INFORMATION : 
NAME 

Aiello; William A. 
Rubin; Aviel D. 
Strauss; Martin J. 



CITY 

Madison 

West Caldwell 

Summit 



STATE 
NJ 
NJ 
NJ 



ZIP CODE 



COUNTRY 



US - CL - CURRENT : 705/67; 380/228, 713/200 



ABSTRACT : 



The present method permits a user to conduct remote transactions without a network 
while using an untrusted computing device, such as a hand-held personal digital 
assistant or a laptop computer. The computing device is augmented with a smartcard 
reader, and the user obtains a smartcard and connects it to the device. This design 
can be used by an untrusted user to perform financial transactions, such as placing 
bets on the outcome of a probabilistic computation. Protocols are presented for 
adding (purchasing) or removing (selling) value on the smartcard, again without 
requiring a network connection. Using the instant protocols, neither the user nor 
the entity issuing the smartcards can benefit from cheating. 

4 Claims, 6 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 5 
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□ 8. Document ID: US 6381699 B2 

L6: Entry 8 of 13 



File: USPT 



Apr 30, 2002 



US -PAT -NO : 6381699 

DOCUMENT- IDENTIFIER: US 6381699 B2 

TITLE: Leak-resistant cryptographic method and apparatus 
DATE-ISSUED: April 30, 2002 
INVENTOR - INFORMATION : 

NAME CITY STATE ZIP CODE COUNTRY 

Kocher; Paul C. San Francisco CA 

Jaffe; Joshua M. San Francisco CA 

US -CL- CURRENT: 713 / 172 ; 705 /65, 713 / 174 , 713 / 340 



The present invention provides a method and apparatus for securing cryptographic 
devices against attacks involving external monitoring and analysis. A "self- 
healing" property is introduced, enabling security to be continually re-established 
following partial compromises. In addition to producing useful cryptographic 
results, a typical leak-resistant cryptographic operation modifies or updates 
secret key material in a manner designed to render useless any information about 
the secrets that may have previously leaked from the system. Exemplary leak-proof 
and leak-resistant implementations of the invention are shown for symmetric 
authentication, certified Dif f ie-Hellman (when either one or both users have 
certificates) , RSA, ElGamal public key decryption, ElGamal digital signing, and the 
Digital Signature Algorithm. 

18 Claims, 4 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets : 4 



US-PAT-NO: 6314409 

DOCUMENT- IDENTIFIER: US 6314409 Bl 

TITLE: System for controlling access and distribution of digital property 
DATE-ISSUED: November 6, 2001 
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INVENTOR- INFORMATION : 



NAME 



CITY 



STATE 



ZIP CODE 



COUNTRY 



Schneck; Paul B. 
Abrams; Marshall D. 



Potomac 



Silver Spring 



MD 



MD 



US -CL- CURRENT: 705 /54; 380 / 259 , 380 / 287 , 380 /59, 705 /57, 713 / 182 , 713 / 189 , 713 / 193 , 
713/194, 713/200 



A method and device are provided for controlling access to data. Portions of the 
data are protected and rules concerning access rights to the data are determined. 
Access to the protected portions of the data is prevented, other than in a non- 
useable form; and users are provided access to the data only in accordance with the 
rules as enforced by a mechanism protected by tamper detection. A method is also 
provided for distributing data for subsequent controlled use of those data. The 
method includes protecting portions of the data; preventing access to the protected 
portions of the data other than in a non-useable form; determining rules concerning 
access rights to the data; protecting the rules; and providing a package including: 
the protected portions of the data and the protected rules. A user is provided 
controlled access to the distributed data only in accordance with the rules as 
enforced by a mechanism protected by tamper protection. A device is provided for 
controlling access to data having protected data portions and rules concerning 
access rights to the data. The device includes means for storing the rules; and 
means for accessing the protected data portions only in accordance with the rules, 
whereby user access to the protected data portions is permitted only if the rules 
indicate that the user is allowed to access the portions of the data. 

43 Claims, 34 Drawing figures 
Exemplary Claim Number: 3 5 
Number of Drawing Sheets: 26 



US-PAT-NO: 6304658 

DOCUMENT- IDENTIFIER: US 6304658 Bl 

** See image for Certificate of Correction ** 

TITLE: Leak-resistant cryptographic method and apparatus 

DATE-ISSUED: October 16, 2001 

INVENTOR- INFORMATION : 

NAME CITY STATE ZIP CODE COUNTRY 

Kocher; Paul C. San Francisco CA 

Jaffe; Joshua M. San Francisco CA 

US - CL - CURRENT : 380/30; 380/28, 380/44 



ABSTRACT : 




□ 10. Document ID: US 6304658 Bl 

L6: Entry 10 of 13 



File: USPT 



Oct 16, 2001 
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ABSTRACT : 

The present invention provides a method and apparatus for securing cryptographic 
devices against attacks involving external monitoring and analysis. A "self- 
healing" property is introduced, enabling security to be continually re-established 
following partial compromises. In addition to producing useful cryptographic 
results, a typical leak-resistant cryptographic operation modifies or updates 
secret key material in a manner designed to render useless any information about 
the secrets that may have previously leaked from the system. Exemplary leak-proof 
and leak-resistant implementations of the invention are shown for symmetric 
authentication, certified Dif f ie-Hellman (when either one or both users have 
certificates) , RSA, ElGamal public key decryption, ElGamal digital signing, and the 
Digital Signature Algorithm. 

54 Claims, 4 Drawing figures 
Exemplary Claim Number : 1 
Number of Drawing Sheets: 4 
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□ 11. Document ID: US 6192472 Bl 

L6: Entry 11 of 13 File: USPT Feb 20, 2001 

US-PAT-NO: 6192472 

DOCUMENT- IDENTIFIER: US 6192472 Bl 

TITLE: Method and apparatus for the secure distributed storage and retrieval of 
information 

DATE- ISSUED: February 20, 2 0 01 
INVENTOR- INFORMATION : 

NAME CITY STATE ZIP CODE COUNTRY 

Garay; Juan Alberto Yonkers NY 

Gennaro; Rosario New York NY 

Jutla; Charanjit Singh Elmsford NY 

Rabin; Tal D. Riverdale NY 

US -CL- CURRENT: 713 / 165 ; 713 / 153 
ABSTRACT: 

A solution to the general problem of Secure Storage and Retrieval of Information 
(SSRI) guarantees that also the process of storing the information is correct even 
when some processors fail. A user interacts with the storage system by depositing a 
file and receiving a proof that the deposit was correctly executed. The user 
interacts with a single distinguished processor called the gateway. The mechanism 
enables storage in the presence of both inactive and maliciously active faults, 
while maintaining (asymptotical) space optimailty. This mechanism is enhanced with 
the added requirement of confidentiality of information; i.e., that a collusion of 
processors should not be able to learn anything about the information. Also, in 
this case space optimality is preserved. 
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31 Claims, 9 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets : 9 
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; Attachments 



E 12. Document ID: US 5991414 A 

L6: Entry 12 of 13 



File: USPT 



Nov 23, 1999 



US-PAT-NO: 5991414 
DOCUMENT- IDENTIFIER : 



US 5991414 A 



TITLE: Method and apparatus for the secure distributed storage and retrieval of 
information 

DATE-ISSUED: November 23, 1999 



INVENTOR- INFORMATION : 
NAME 

Garay; Juan Alberto 
Gennaro; Rosario 
Jut la; Charanjit Singh 
Rabin; Tal D. 



CITY 
Yonkers 
New York 
Elmsf ord 
Riverdale 



STATE 

NY 

NY 

NY 

NY 



ZIP CODE 



COUNTRY 



US -CL- CURRENT: 
713/193 



713/165; 380/30, 707/202, 709/201, 713/168, 713/180, 713/181, 



ABSTRACT : 

A solution to the general problem of Secure Storage and Retrieval of Information 
(SSRI) guarantees that also the process of storing the information is correct even 
when some processors fail. A user interacts with the storage system by depositing a 
file and receiving a proof that the deposit was correctly executed. The user 
interacts with a single distinguished processor called the gateway. The mechanism 
enables storage in the presence of both inactive and maliciously active faults, 
while maintaining (asymptotical) space optimailty. This mechanism is enhanced with 
the added requirement of confidentiality of information; i.e., that a collusion of 
processors should not be able to learn anything about the information. Also, in 
this case space optimality is preserved. 

14 Claims, 9 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 9 
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US-PAT-NO: 5933498 
DOCUMENT - I DENT I F I ER : 



US 5933498 A 



TITLE: System for controlling access and distribution of digital property 
DATE-ISSUED: August 3, 1999 



INVENTOR- INFORMATION : 
NAME 

Schneck; Paul B. 
Abrams; Marshall D. 

US -CL- CURRENT: 705/54 



CITY STATE 
Potomac MD 
Silver Spring MD 



ZIP CODE 



COUNTRY 



ABSTRACT : 

A method and device are provided for controlling access to data. Portions of the 
data are protected and rules concerning access rights to the data are determined. 
Access to the protected portions of the data is prevented, other than in a non- 
useable form; and users are provided access to the data only in accordance with the 
rules as enforced by a mechanism protected by tamper detection. A method is also 
provided for distributing data for subsequent controlled use of those data. The 
method includes protecting portions of the data; preventing access to the protected 
portions of the data other than in a non-useable form; determining rules concerning 
access rights to the data; protecting the rules; and providing a package including: 
the protected portions of the data and the protected rules. A user is provided 
controlled access to the distributed data only in accordance with the rules as 
enforced by a mechanism protected by tamper protection. A device is provided for 
controlling access to data having protected data portions and rules concerning 
access rights to the data. The device includes means for storing the rules; and 
means for accessing the protected data portions only in accordance with the rules, 
whereby user access to the protected data portions is permitted only if the rules 
indicate that the user is allowed to access the portions of the data. 

88 Claims, 3 5 Drawing figures 
Exemplary Claim Number: 49 
Number of Drawing Sheets: 26 
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Using smartcards to secure a personalized gambling device 
William A. Aiello, Aviel D. Rubin, Martin J. Strauss 

November 1999 Proceedings of the 6th ACM conference on Computer and 
communications security 

Full text available: ^) pdf(762.94 KB) Additional Information: full citation , abstract , references , index terms 

We introduce a technique for using an untrusted device, such as a hand-held personal digital 
assistant or a laptop to perform real financial transactions without a network. We utilize the 
tamper-resistant nature of smartcards to store value on them and perform probabilistic 
computations based on user input. We discuss an application of this to gambling. The 
technique has the properties that the user is guaranteed to make money when he wins and 
the house is guaranteed to make money w ... 



2 PicoDBMS: Scaling down database techniques for the smartcard 
Philippe Pucheral, Luc Bouganim, Patrick Valduriez, Christophe Bobineau 
September 2001 The VLDB Journal — The International Journal on Very Large Data 

Bases, Volume 10 Issue 2-3 
Full text available: ^j| pdf(259.03 KB) Additional Information: full citation , abstract , index terms 

Smartcards are the most secure portable computing device today. They have been used 
successfully in applications involving money, and proprietary and personal data (such as 
banking, healthcare, insurance, etc.). As smartcards get more powerful (with 32-bit CPU and 
more than 1 MB of stable memory in the next versions) and become multi-application, the 
need for database management arises. However, smartcards have severe hardware 
limitations (very slow write, very little RAM, constrained stable mem ... 

Keywords: Atomicity, Durability, Execution model, PicoDBMS, Query optimization, 
Smartcard applications, Storage model 




3 A new public key cryptosystem based on higher residues Q 
David Naccache, Jacques Stern 

November 1998 Proceedings of the 5th ACM conference on Computer and 
communications security 

Full text available: ^[ pdf(1.0Q MB) Additional Information: full citation , references , citings , index terms 
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4 Reliability and security: Java cryptography on KVM and its performance and security Q 
optimization using HW/SW co-design techniques 
Yusuke Matsuoka, Patrick Schaumont, Kris Tiri, Ingrid Verbauwhede 
September 2004 Proceedings of the 2004 international conference on Compilers, 

architecture, and synthesis for embedded systems 
Full text available: ^ pdfd 88.08 KB) Additional Information: full citation , abstract , references , index terms 

This paper describes a design approach to include and optimize Java based cryptographic 
applications into resource limited embedded devices. For easy prototyping and to be platform 
independent, the security applications are first developed in Java. Two Java cryptographic 
libraries, the Bouncy Castle API and the IAIK API are ported to a real embedded device for 
cost and performance evaluation. It requires 0.88Mbytes to 1.2Mbytes in the KVM footprint 
size and a few milliseconds to run secret key al ... 

Keywords: cryptography, design, embedded systems, java, security 



5 Security in embedded systems: Design challen ges 

Srivaths Ravi, Anand Raghunathan, Paul Kocher, Sunil Hattangady 

August 2004 ACM Transactions on Embedded Computing Systems (TECS), volume 3 issue 3 
Full text available: ^ pdf(3.67 MB) Additional Information: full citation , abstract , references , index terms 

Many modern electronic systems— including personal computers, PDAs, cell phones, 
network routers, smart cards, and networked sensors to name a few— need to access, 
store, manipulate, or communicate sensitive information, making security a serious concern 
in their design. Embedded systems, which account for a wide range of products from the 
electronics, semiconductor, telecommunications, and networking industries, face some of 
the most demanding security concerns— on the one hand, they are oft ... 

Keywords: Embedded systems, architecture, authentication, battery life, cryptographic 
algorithms, decryption, encryption, hardware design, processing requirements, security, 
security attacks, security protocols, tamper resistance 



6 DB-IR-1 (databases and information retrieval): indexing and query processing effiency: Q 
Energy management schemes for memory-resident database systems 
Jayaprakash Pisharath, Alok Choudhary, Mahmut Kandemir 

November 2004 Proceedings of the Thirteenth ACM conference on Information and 
knowledge management 

Full text available: ^pdf(251.47 KB) Additional Information: full citation , abstract , references , index terms 

With the tremendous growth of system memories, memory-resident databases are 
increasingly becoming important in various domains. Newer memories provide a structured 
way of storing data in multiple chips, with each chip having a bank of memory modules. 
Current memory-resident databases are yet to take full advantage of the banked storage 
system, which offers a lot of room for performance and energy optimizations. In this paper, 
we identify the implications of a banked memory environment in sup ... 

Keywords: DRAM, database, energy, hardware energy scheme, multiquery optimization, 
power consumption, query-directed energy management 
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terms 

We introduce the notion of a Physical Random Function (PUF). We argue that a complex 
integrated circuit can be viewed as a silicon PUF and describe a technique to identify and 
authenticate individual integrated circuits (ICs).We describe several possible circuit 
realizations of different PUFs. These circuits have been implemented in commodity Field 
Programmable Gate Arrays (FPGAs). We present experiments which indicate that reliable 
authentication of individual FPGAs can be performed even in the ... 

Keywords: identification, physical random function, physical security, smartcard, tamper 
resistance, unclonability 



8 Scheduling and resource allocation: Samsara: honor among thieves in peer-to-peer 
storage 

Landon P. Cox, Brian D. Noble 

October 2003 Proceedings of the nineteenth ACM symposium on Operating systems 
principles 

Full text available: lagl pdf(290.28 KB) Additional Information: full citation, abstract , references , citings, index 
• : terms 

Peer-to-peer storage systems assume that their users consume resources in proportion to 
their contribution. Unfortunately, users are unlikely to do this without some enforcement 
mechanism. Prior solutions to this problem require centralized infrastructure, constraints on 
data placement, or ongoing administrative costs. All of these run counter to the design 
philosophy of peer-to-peer systems. Samsara enforces fairness in peer-to-peer storage 
systems without requiring trusted third parties, ... 

Keywords: distributed accounting, peer-to-peer storage systems 



A survey of peer-to-peer content distribution technologies 

Stephanos Androutsellis-Theotokis, Diomidis Spinellis 

December 2004 ACM Computing Surveys (CSUR), volume 36 issue 4 

Full text available: ^j] pdf(517.77 KB) Additional Information: full citation , abstract , references , index terms 

Distributed computer architectures labeled "peer-to-peer" are designed for the sharing of 
computer resources (content, storage, CPU cycles) by direct exchange, rather than requiring 
the intermediation or support of a centralized server or authority. Peer-to-peer architectures 
are characterized by their ability to adapt to failures and accommodate transient populations 
of nodes while maintaining acceptable connectivity and performance. Content distribution is 
an important peer-to-peer application ... 

Keywords: Content distribution, DHT, DOLR, grid computing, p2p, peer-to-peer 



10 Special session on security on SoC: Securing wireless data: system architecture 
challenges 

Srivaths Ravi, Anand Raghunathan, Nachiketh Potlapally 

October 2002 Proceedings of the 15th international symposium on System Synthesis 

Full text available* 15?I odfH 72 35 KB) Additional Information: full citation , abstract , references , citings, index 

— 1 terms 

Security is critical to a wide range of current and future wireless data applications and 
services. This paper highlights the challenges posed by the need for security during system 
architecture design for wireless handsets, and provides an overview of emerging techniques 
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to address them. We focus on the computational requirements for securing wireless data 
transactions, revealing a gap between these requirements and the trends in processing 
capabilities of embedded processors used in wireless h ... 

Keywords: 3DES, AES, DES, IPSec, RSA, SSL, WTLS, decryption, design methodology, 
embedded system, encryption, handset, mobile computing, performance, platform, security, 
security processing, system architecture, wireless communications 



11 Processor microarchitecture II: AEGIS: architecture for tamper-evident and tamper- 
resistant processing 

G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas 
June 2003 Proceedings of the 17th annual international conference on 
Supercomputing 

Full text available-^ pdf(286 90 KB) Additional Information: full citation , abstract , references , citings , index 

We describe the architecture for a single-chip aegis processor which can be used to build 
computing systems secure against both physical and software attacks. Our architecture 
assumes that all components external to the processor, such as memory, are untrusted. We 
show two different implementations. In the first case, the core functionality of the operating 
system is trusted and implemented in a security kernel. We also describe a variant 
implementation assuming an untrusted operating s ... 

Keywords: certified execution, secure processors, software licensing 



12 Security: HIDE: an infrastructure for efficiently protecting information leakage on the 
address bus 

Xiaotong Zhuang, Tao Zhang, Santosh Pande 

October 2004 Proceedings of the 11th international conference on Architectural 
support for programming languages and operating systems 

Full text available* fi3 Ddf(216 31 KB) Additional Information: full citation , abstract , references , citings , index 
' l^^—* ! terms 

XOM-based secure processor has recently been introduced as a mechanism to provide copy 
and tamper resistant execution. XOM provides support for encryption/decryption and 
integrity checking. However, neither XOM nor any other current approach adequately 
addresses the problem of information leakage via the address bus. This paper shows that 
without address bus protection, the XOM model is severely crippled. Two realistic attacks 
are shown and experiments show that 70% of the code might be cracked ... 

Keywords: address bus leakage protection, secure processor 



13 On the fly signatures based on factoring 
Guillaume Poupard, Jacques Stern 

November 1999 Proceedings of the 6th ACM conference on Computer and 
communications security 

Full text available: ^ pdf(786.71 KB) Additional Information: full citation , abstract , references , index terms 

In response to the current need for fast, secure and cheap public-key cryptography largely 
induced by the fast development of electronic commerce, we propose a new on the fly 
signature scheme, i.e. a scheme that requires very small on-line work for the signer It 
combines provable security based on the factorization problem, short public and secret keys, 
short transmission and minimal on-line computation. It is the first RSA-like signature 
scheme that can be used for both ef ... 
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14 Just fast keying: Key agreement in a hostile internet Q 
William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. 
Keromytis, Omer Reingold 

May 2004 ACM Transactions on Information and System Security (TISSEC), volume 7 
Issue 2 

Full text available: ^ pdf(324.39 KB) Additional Information: full citation , abstract , references , index terms 

We describe Just Fast Keying (JFK), a new key-exchange protocol, primarily designed for 
use in the IP security architecture. It is simple, efficient, and secure; we sketch a proof of 
the latter property. JFK also has a number of novel engineering parameters that permit a 
variety of tradeoffs, most notably the ability to balance the need for perfect forward secrecy 
against susceptibility to denial-of-service attacks. 

Keywords: Cryptography, denial-of-service attacks 



1 5 Work-in-progress session on innovative topics: Security wra p pers and power analy sis Q 
for SoC technologies 

C. H. Gebotys, Y. Zhang 

October 2003 Proceedings of the 1st IEEE/ACM/IFIP international conference on 
Hardware/ software codesign and system synthesis 

Full text available: ^ pdf(790.57 KB) Additional Information: full citation , abstract , references , index terms 

Future wireless internet enabled devices will be increasingly powerful supporting many more 
applications including one of the most crucial, security. Although SoCs offer more resistance 
to bus probing attacks, power/EM attacks on cores and network snooping attacks by 
malicious code are relevant. This paper presents a methodology for security on NoC at both 
the network level (or transport layer) and at the core level (or application layer) is 
proposed. For the first time a low cost security wrapp ... 

Keywords: VUW, adiabatic, design, performance, security 

16 Key management and key exchange: Efficient. DoS-resistant. secure key exchange for Q 
internet protocols 

William Aiello, Steven M. Bellovin, Matt Blaze, John Ioannidis, Omer Reingold, Ran Canetti, 
Angelos D. Keromytis 

November 2002 Proceedings of the 9th ACM conference on Computer and 
communications security 

Full text available: pdf(1 18.52 KB) Additional Information: full citation , abstract , references , index terms 

We describe JFK, a new key exchange protocol, primarily designed for use in the IP Security 
Architecture. It is simple, efficient, and secure; we sketch a proof of the latter property. JFK 
also has a number of novel engineering parameters that permit a variety of trade-offs, most 
notably the ability to balance the need for perfect forward secrecy against susceptibility to 
denial-of-service attacks. 

Keywords: cryptography, denial of service attacks 

17 Approaches to fault-tolerant and transactional mobile agent execution— an algorithmic Q 
view 

Stefan Pleisch, Andre Schiper 

September 2004 ACM Computing Surveys (CSUR), Volume 36 Issue 3 

Full text available: *^ pdf(946.94 KB) Additional Information: full citation , abstract , references , index terms 
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Over the past years, mobile agent technology has attracted considerable attention, and a 
significant body of literature has been published. To further develop mobile agent 
technology, reliability mechanisms such as fault tolerance and transaction support are 
required. This article aims at structuring the field of fault-tolerant and transactional mobile 
agent execution and thus at guiding the reader to understand the basic strengths and 
weaknesses of existing approaches. It starts with a discu ... 

Keywords: ACID, Byzantine failures, agreement problem, asynchronous system, commit, 
crash failures, fault tolerance, malicious places, mobile agents, replication, security, 
transaction 



18 Logical and physical design issues for smart card databases 
Cristiana Bolchini, Fabio Salice, Fabio A. Schreiber, Letizia Tanca 
July 2003 ACM Transactions on Information Systems (TOIS), Volume 21 issue 3 

Full text available: 1g pdf(1.12 MB) Additional Information: full citation , abstract, references, citings, index 
' ^ terms 

The design of very small databases for smart cards and for portable embedded systems is 
deeply constrained by the peculiar features of the physical medium. We propose a joint 
approach to the logical and physical database design phases and evaluate several data 
structures with respect to the performance, power consumption, and endurance parameters 
of read/program operations on the Flash-EEPROM storage medium. 

Keywords: Design methodology, access methods, data structures, flash memory, personal 
information systems, smart card 



19 Access control policy implementation: Succinct specifications of portable document 
access policies 
Marina Bykova, Mikhail Atallah 

June 2004 Proceedings of the ninth ACM symposium on Access control models and 
technologies 

Full text available: Q pdf(210.88 KB) Additional Information: full citation , abstract , references , index terms 

When customers need to each be given portable access rights to subset of documents from 
large universe of n vailable documents, it is often the case that the space vailable for 
representing each customer's access rights is limited to much less than n, say it is no more 
than m bits. This is the case when, e.g., limited-capacity inexpensive cards are used to store 
the access rights to huge multimedia document databases. How does one represent subsets 
of huge set of n el ... 

Keywords: access control, access control enforcement, algorithm design, compact policy 
representation, computational complexity, portable access rights 



20 Optimizing equijoin queries in distributed databases where relations are hash 
partitioned 

Dennis Shasha, Tsong-Li Wang 

May 1991 ACM Transactions on Database Systems (TODS), volume 16 issue 2 

Full text available: fflpdf(1.84 MB) Additional Information: full citation , abstract , references , citings, index 
^ terms , review 

Consider the class of distributed database systems consisting of a set of nodes connected by 
a high bandwidth network. Each node consists of a processor, a random access memory, 
and a slower but much larger memory such as a disk. There is no shared memory among 
the nodes. The data are horizontally partitioned often using a hash function. Such a 
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description characterizes many parallel or distributed database systems that have recently 
been proposed, both commercial and academic. We study the ... 

Keywords: NP-complete problems, equijoin, hashing, relational data models, spanning 
trees, systems 
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The invention automatically executes, in a single execution medium, a number of 
programs written in source languages to which respective execution media are 
dedicated, without constraining a programmer to a single source language for a 
respective execution medium type. Each program is compiled into a program expressed 
in an intermediate language representing a minimum subset of the source languages . 
In a data processing means such as a smart card, an execution medium is dedicated 
to the intermediate language. The intermediate language program is loaded with a 
respective programming library adapting the respective source language to the 
intermediate language in order to execute the intermediate language program in the 
execution medium. 

16 Claims, 11 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets : 8 
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ABSTRACT: 

The objects to be stored on a SmartCard or on a similar device are output from the 
host application computer in a form adapted to the device, particularly in form of 
a byte array which can easily be stored on such a SmartCard. That serialization 
comprises to convert any particular object into a sequence of bytes representing 
the object and its current status by storing all attributes, the name of them and 
all further objects which are referenced by the object which is subject to that 
serialization step. With the total of that information that object can be recovered 
in an unchanged form after any reset or interruptions which can possibly take place 
during usage of the SmartCard in a respective SmartCard terminal. The recover 
procedure is performed in analogous form: the object as well as all further objects 
being referenced by that object is instantiated and is initialized with the data 
read out from the SmartCard. The byte array representing that object can be stored 
both on common file system oriented SmartCards and on JavaCards, too, without being 
confronted to any specific further problem. 
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ABSTRACT : 

A method for arithmetic expression optimization includes receiving a first 
instruction defined for a first processor having a first base, the first 
instruction including an operator and at least one operand, converting the first 
instruction to a second instruction optimized for a second processor having a 
second base when all operands do not carry potential overflow or when the operator 
is insensitive to overflow, the second base being smaller than the first base, and 
converting to a wider base a third instruction that is the source of the overflow 
when the at least one operand the potential for overflow and when the operator is 
sensitive to overflow. An apparatus for arithmetic expression optimization includes 
at least one memory having program instructions and at least one processor 
configured to use the program instructions to receive a first instruction defined 
for a first processor having a first base, convert the first instruction to a 
second instruction optimized for a second processor having a second base when every 
one of the at least one operand does not carry potential overflow or when the 
operator is insensitive to overflow, the second base being smaller than the first 
base, and convert to a wider base a third instruction that is the source of the 
overflow when the at least one operand the potential for overflow and when the 
operator is sensitive to overflow. 
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ABSTRACT : 

The invention is directed to a method for operating a computer system, as well as 
to a byte code verifier and to a computer system. The inventive method checks 
whether a computer program loaded onto a computer system exercises an illegal 
access to a variable, i.e. whether the variable is initialized before it is read. 
This test ensues before the execution of the program, so that such a test no longer 
need be performed upon execution of the program. The inventive method requires 
little memory space in the testing of the program and nonetheless carries out a 



http://westbra:9000/b^ 3/11/05 



Record List Display 



Page 4 of 8 



complete test. Since the testing ensues before the execution of the program, the 
program execution itself is considerably speeded up since no further test is 
thereby required. 

11 Claims, 5 Drawing figures 
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ABSTRACT : 

A method of operating a computer system includes providing a program in memory, 
verifying the program prior to an installation of the program and generating a 
program fault signal when the verification fails. The program includes at least one 
program unit, and each program unit includes an Application Programming Interface 
(API) definition file and an implementation. Each API definition file defines items 
in its associated program unit that are made accessible to one or more other 
program units and each implementation includes executable code corresponding to the 
API definition file. The executable code includes type specific instructions and 
data. Verification includes determining whether a first program unit implementation 
is internally consistent, determining whether the first program unit implementation 
is consistent with a first program unit API definition file associated with the 
first program unit implementation and generating a program fault signal when the 
verifying fails. A resource -constrained device includes a memory for providing a 
remotely verified application software program that includes at least one program 
unit, each program unit comprising type specific instructions and data. The 
resource-constrained device also includes a virtual machine that is capable of 
executing instructions included within the application software program. The remote 
verification uses an API definition file for each implementation to determine 
whether a first program unit implementation is internally consistent and to 
determine whether the first program unit implementation is consistent with a first 
program unit API definition file associated with the first program unit 
implementation . 
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ABSTRACT : 

A system and method are provided for prioritizing components of an existing network 
framework. First, a plurality of components required for implementation of a 
predetermined technology using an existing network framework are provided. Next, a 
priority listing of the components is complied such that the relative position of 
the components on the priority listing corresponds to a temporal priority among the 
components. The existing network framework and the components are pictorially 
represented. Next, a first component of the existing network framework is indicia 
coded in order to indicate that the first component must be installed first based 
on the component's position on the priority listing. Thereafter, a second component 
and any remaining components of the existing network framework is indicia encoded 
in order to indicate that the second component and any remaining components must be 
installed after the first component based on the second component's position on the 
priority listing. 
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Language subset validation includes validating multiple program modules that 
comprise a program. The program modules include multiple bytecodes defined for a 
first computer language that is a hardware -dependent subset of a second computer 
language. The validation includes indicating an error condition for items in the 
multiple program modules that are not defined for the first computer language, 
indicating an error condition for items in the multiple program modules that are 
not supported by an execution environment of the first computer language and 
indicating an error condition for items in the multiple program modules that are 
defined for the first computer language but used in a manner inconsistent with the 
first computer language. 

60 Claims, 17 Drawing figures 
Exemplary Claim Number: 55 
Number of Drawing Sheets : 15 
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ABSTRACT : 

A system, method and article of manufacture are provided for conveying redundancies 
and omissions among components of a network framework such as a web architecture 
framework. First, an area of an existing network framework is determined in which 
redundancies and omissions exist. Next, a pictorial representation of the existing 
network framework is presented along with a plurality of its components. The 
foregoing redundancies and the omissions are then highlighted by indicia coding the 
components of the existing network that reside in the area. As such, a diagnostic 
analysis of redundant efforts and gaps in a current implementation of the existing 
network framework is effectively conveyed. 
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ABSTRACT : 



An integrated circuit card is used with a terminal. The integrated circuit card 
includes a memory that stores an interpreter and an application that has a high 
level programming language format. A processor of the card is configured to use the 
interpreter to interpret the application for execution and to use a communicator of 
the card to communicate with the terminal . 
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